Although 2015 is only a few weeks old, there is still plenty of time for retailers to make changes that will help them to improve for the rest of the year. One of the areas nearly every business could do better in is cybersecurity. Last year was one of the worst yet for retail data breaches, and 2015 isn’t shaping up to be any better. There are a variety of threats that stores will be facing this year. Below are the top three security risks for 2015 and how retailers can protect against them:
POS and virtual payment system attacks
By now, most consumers know about the potential risks facing point-of-sale systems at retail locations. Major breaches like those at Target and Home Depot targeted customer information stored in the retailers’ POS terminals. Because they are so successful, these types of attacks have grown more popular in recent years, causing shoppers to become wary about using their credit cards in certain locations.
To combat attacks from cybercriminals looking to steal financial information, an increasing number of consumers have turned to virtual payment systems like Apple Pay as an alternative. Unfortunately for shoppers, security experts believe this will cause an influx of attacks targeting these types of payment options instead.
“We expect to see cybercriminals focus more on new payment systems as they are adopted and the potential for criminal financial gain thus increases,” said senior security researcher Patrick Nielsen. “In fact, we already have some examples of malware stealing virtual wallets from users’ devices , and very high-profile incidents of banks themselves being infiltrated.”
This cybercrime double whammy will not only hurt shoppers, but also the retailers as consumers become more concerned about the security of their personal information. To help ease customers’ fears and increase data protection in POS systems and enterprise networks, retailers should implement Faronics Anti-Virus. This layered security solution offers users a combination of anti-virus, anti-spyware, anti-rootkit, firewall and Web filtering protection. It is also extremely fast and capable of scanning large amounts of data at high speeds to ensure information is secure without slowing down business.
Malware will become more sophisticated, harder to detect
If 2014 taught us anything about cyberattacks, it was that they can mean big business for the malicious actors behind them. Stolen credit card numbers and other personal information like email addresses and Social Security numbers can bring a rather larger sum for the cybercriminals willing to do the work, and a growing number of hackers appear to be doing just that.
As with any business venture, when things are going well, you increase production. With data breaches seeing so much success over the last year, cybercriminals are going to be using successful forms of malware more frequently than ever.
“In the coming months, we will see increased use of P2P, darknet and Tor communications, forums selling malware and stolen data will also retreat further into hidden corners of the Internet in an attempt to avoid infiltration,” said Andy Avanessian, vice president of professional services at Avecto.
As malicious software becomes harder to detect, it will become more difficult for enterprises to protect against. A popular tactic being used by cybercriminals right now is to create phony applications that look just like the real thing, tricking victims into downloading a fake and then infecting them with malware. If a compromised app looks just like a legitimate one, how can companies protect against attack?
Utilizing a whitelisting solution like Faronics Anti-Executable, businesses can ensure that any unapproved application is not allowed to run, which keeps necessary hardware safe from infections. System updates are also easily managed with Anti-Executable, doubling the amount of protection an organization receives. Updates from a trusted publisher like Microsoft can be set to automatically download in advance, meaning the newest version of critical software will always be available without any hassle. Both of these features dramatically reduce the amount of individual work the IT department has to do, allowing them to focus on more mission-critical situations.
In recent years, a growing number of data breaches have been conducted using a third party to gain access to the desired network. The risk of these types of attacks will increase as the the Internet of Things expands to include hundreds of millions of interconnected devices. Such was the case with the Target breach, when hackers were able to gain access to the store’s POS terminals through a third-party heating and cooling company whose system was connected to Target’s internal network.
As more devices within a store begin to connect with one another, the potential entry points for malicious actors become endless. With every Internet-connected machine turning into a data breach time bomb, retailers have to act quickly to defend their networks from cyberattacks. One of the best ways to keep multiple endpoints safe from malicious actors is to employ a layered security approach. This type of solution uses multiple defense methods so that each unique point of access is secured with the tools necessary for its specific structure.